DOC emphasize security sensitivity of joblib.load#879
Merged
ogrisel merged 3 commits intojoblib:masterfrom May 29, 2019
Merged
Conversation
Codecov Report
@@ Coverage Diff @@
## master #879 +/- ##
===========================================
- Coverage 95.28% 84.12% -11.17%
===========================================
Files 45 45
Lines 6425 6412 -13
===========================================
- Hits 6122 5394 -728
- Misses 303 1018 +715
Continue to review full report at Codecov.
|
Closed
netbsd-srcmastr
pushed a commit
to NetBSD/pkgsrc
that referenced
this pull request
Oct 31, 2019
Release 0.14.0 Improved the load balancing between workers to avoid stranglers caused by an excessively large batch size when the task duration is varying significantly (because of the combined use of joblib.Parallel and joblib.Memory with a partially warmed cache for instance). joblib/joblib#899 Add official support for Python 3.8: fixed protocol number in Hasher and updated tests. Fix a deadlock when using the dask backend (when scattering large numpy arrays). joblib/joblib#914 Warn users that they should never use joblib.load with files from untrusted sources. Fix security related API change introduced in numpy 1.6.3 that would prevent using joblib with recent numpy versions. joblib/joblib#879 Upgrade to cloudpickle 1.1.1 that add supports for the upcoming Python 3.8 release among other things. joblib/joblib#878 Fix semaphore availability checker to avoid spawning resource trackers on module import. joblib/joblib#893 Fix the oversubscription protection to only protect against nested Parallel calls. This allows joblib to be run in background threads. joblib/joblib#934 Fix ValueError (negative dimensions) when pickling large numpy arrays on Windows. joblib/joblib#920 Upgrade to loky 2.6.0 that add supports for the setting environment variables in child before loading any module. joblib/joblib#940 Fix the oversubscription protection for native libraries using threadpools (OpenBLAS, MKL, Blis and OpenMP runtimes). The maximal number of threads is can now be set in children using the inner_max_num_threads in parallel_backend. It defaults to cpu_count() // n_jobs.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Update the documentation to make it explicit that joblib.load should never be used to load files from an untrusted source.
Also add compat for numpy 1.16.3 and later.